tions with mode 0770 have higher security concerns—for example, the configuration
of security realms, user accounts, and groups is kept under the /db/system/security
collection, and it is undesirable to allow non-dba users access to this collection.
User masks
In eXist-db, user accounts can be assigned a mask, just like in Unix; this is known as a
umask. The umask adjusts the permissions applied to new resources and collections
created by that user. The effective permissions applied at creation time are calculated
by taking the default permissions and subtracting the umask of the user creating the
resource or collection.
The default umask in eXist is 022, but this is configurable for each user account.
Table 8-6 shows some examples of how the effective permissions are calculated when
a new resource or collection is created.
Table 8-6. Effective default permissions
For              Permissions      umask           Applied permissions
New resource     0666 (default)   022 (default)   0666 - 022 = 0644 (rw-r--r--)
New collection   0777 (default)   022 (default)   0777 - 022 = 0755 (rwxr-xr-x)
So what does this all mean? Quite simply, that by default:
• For new resources, the owner can only read and write (this prevents accidentally
granting execution permission on XQuery resources to unintended users). The
group and other users can only read the resource.
• For new collections, the owner can open the collection, list the contents, and add
or remove resources and subcollections. The group can open the collection and
list the contents, but cannot add or delete. Other users, similar to group users,
can open the collection and list the contents, and also cannot add to or delete
from it.
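The calculation in Table 8-6, carried through for the default umask and some stricter ones, as an added example that is not eXist-db code or code from the book. It assumes Unix umask semantics, where the mask clears bits from the default rather than being subtracted arithmetically; the function names and the sample umasks are hypothetical.

```python
# Added example: models the umask rule described above; not eXist-db code.
# Assumption: Unix semantics, i.e. the umask clears bits (default & ~umask).
DEFAULT_RESOURCE = 0o666    # default for new resources (Table 8-6)
DEFAULT_COLLECTION = 0o777  # default for new collections (Table 8-6)


def effective_mode(default: int, umask: int) -> int:
    """Permissions applied at creation time: default with umask bits cleared."""
    return default & ~umask & 0o777


def symbolic(mode: int) -> str:
    """Render a 9-bit mode as an rwxrwxrwx string."""
    return "".join(
        flag if mode & (1 << (8 - i)) else "-"
        for i, flag in enumerate("rwxrwxrwx")
    )


def exposure(umask: int) -> dict:
    """Summarise who besides the owner can reach objects created under umask."""
    res = effective_mode(DEFAULT_RESOURCE, umask)
    col = effective_mode(DEFAULT_COLLECTION, umask)
    return {
        "resource": f"{res:04o} ({symbolic(res)})",
        "collection": f"{col:04o} ({symbolic(col)})",
        "other_can_read_resource": bool(res & 0o004),
        # Opening needs the execute bit, listing needs the read bit.
        "other_can_open_and_list_collection": (col & 0o005) == 0o005,
        "group_can_write_resource": bool(res & 0o020),
    }


if __name__ == "__main__":
    # Constructed sample umasks: the default 022 plus stricter alternatives.
    for umask in (0o022, 0o027, 0o007, 0o077):
        print(f"umask {umask:03o}: {exposure(umask)}")
    # Bit clearing and arithmetic subtraction agree for 022 but not in general:
    # umask 0111 removes no bits from 0666, while 0666 - 0111 would give 0555.
    print(f"{effective_mode(DEFAULT_RESOURCE, 0o111):04o}")
```

Under this model a umask of 007 gives new collections mode 0770, the mode the text associates with collections that have higher security concerns.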
 